On Thu, Jul 14, 2022, at 10:20, Peter Saint-Andre wrote:
> On 7/13/22 3:00 PM, Salz, Rich wrote:
>> * It is definitely the "BCP" already--there are good reasons not to
>> support TLS 1.2 on a server, and good reasons for clients not to
>> connect to a server that negotiates it.
>>
>> What are they?
>
> Good question.

I think we want to distinguish between "can" and "should". There are servers that can reasonably not support TLS 1.2 now. Most clients that are up to date will have TLS 1.3. Those servers can disable TLS 1.2 and enjoy the benefit of using a more robust protocol. However, I don't see the IETF being in a position yet where it can tell people not to use TLS 1.2. There's a good protocol hidden in there still if you are careful. More importantly, we still have people who have not been able to make a move. Note the careful distinction here between not able and not willing; the latter will start to be an excuse soon.

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call